Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,242
CVE-linked
1,863
Programs
343
New This Week
22
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
XSS STORED AT socialclub.rockstargames.com (add friend request from profile attacker)
Rockstar Games Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-06-03
Unrestricted File Upload Results in Cross-Site Scripting Attacks
Uber Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-05-14
XSS in request approvals
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-04-23
Stored XSS at Module Name
Stripo Inc Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-04-12
Stored XSS on apps.shopify.com
Shopify Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-04-08
Account takeover via XSS
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2021-03-31
Stored XSS on https://events.hackerone.com
HackerOne Cross-site Scripting (XSS) - Stored (CWE-79)
None
2021-03-26
Blind Stored XSS Payload fired at the backend on https://█████████/
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2021-03-24
Stored Cross-Site Scripting vulnerability in example Custom Digital Agreement
HackerOne Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-03-18
Stored XSS при удалении группы из беседы (m.vk.com)
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2021-03-17
Blind Stored XSS on https://█████████ after filling a request at https://█████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-03-11
Stored XSS through name / last name on https://██████████/
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-03-11
Blind Stored XSS on ███████ leads to takeover admin account
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2021-03-11
Stored XSS in the banner block description
Stripo Inc Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-03-09
Insecure file upload in xiaoai.mi.com Lead to Stored XSS
Xiaomi Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-03-09
Stored XSS via Angular Expression injection via Subject while starting conversation with other users.
FetLife Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-03-07
[First 30] Stored XSS on login.uber.com/oauth/v2/authorize via redirect_uri parameter
Uber Cross-site Scripting (XSS) - Stored (CWE-79)
High
2021-02-25
Stored XSS on auth.uber.com/oauth/v2/authorize via redirect_uri parameter leads to Account Takeover
Uber Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-02-25
Stored XSS via `Create a Fetish` section.
FetLife Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-02-25
[manage.jumpbikes.com] Blind XSS on Jump admin panel via user name
Uber Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2021-02-23
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609 $1,500
Nextcloud583
Shopify464
curl455
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239